January 21, 2014

Hackers, phishing scams and malware are more prevalent than ever, yet computer users continue to use weak passwords to protect their devices.

Although the dumbest password of them all — password — has fallen slightly from grace, it has retained the No. 2 spot on the most commonly used list behind 123456, according to security firm SplashData’s annual list.

SplashData’s list of frequently used passwords — that includes ‘iloveyou,’ ‘abc123’ and ‘letmein’ — is proof positive a large number of Internet users have left themselves wide open for attack due either to a lack of knowledge or laziness.

“Seeing passwords like ‘adobe123′ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” said SplashData CEO Morgan Slain.

“Another interesting aspect of this year’s list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies.”

For example, new to this year’s list are simple and easily guessable passwords like ‘1234’ which sits at No. 6, and ‘000000,’ which nabbed the No. 25 spot. Below is the complete list.

SplashData’s Worst Passwords of 2013

Rank

Password

Change from 2012

1

123456

Up 1

2

password

Down 1

3

12345678

Unchanged

4

qwerty

Up 1

5

abc123

Down 1

6

123456789

New

7

111111

Up 2

8

1234567

Up 5

9

iloveyou

Up 2

10

adobe123

New

11

123123

Up 5

12

admin

New

13

1234567890

New

14

letmein

Down 7

15

photoshop

New

16

1234

New

17

monkey

Down 11

18

shadow

Unchanged

19

sunshine

Down 5

20

12345

New

21

password1

Up 4

22

princess

New

23

azerty

New

24

trustno1

Down 12

25

000000

New

SplashData’s list was compiled using files containing millions of stolen passwords posted online in 2013. The company is urging consumers and businesses alike to change their passwords immediately if it appears on the list.

SplashData offers the following tips for choosing more secure passwords:

• Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”

• Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites as you do for online e-mail, social networking, and financial services. Use different passwords for each new website or service you sign up for.

• Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. There are numerous applications available, but choose one with a strong track record of reliability and security like SplashID Safe, which has a 10-year history and more than one million users. SplashID Safe has versions available for Windows and Mac as well as Smartphones and tablet devices.